03-01-2009 11:59 PM - edited 03-04-2019 03:46 AM
Hi,
I want to harden my internet router.
Any link on this?
I checked a few links and found out that RFC 1918, 3380 addresses are to be blocked on the external int.
There is one entry like
access-list 101 deny ip host 0.0.0.0 any
&
access-list 101 deny ip host 255.255.255.255 any
What is this host in the command? My internet router or something else? What should I use here?
And how will these ACLs work?
Reg,
Sushil
03-02-2009 02:39 AM
Sushil
host 0.0.0.0 & host 255.255.255.255 are host addresses you should never see so you are safe to deny them.
There are some very good papers on hardening devices, have a look at these two
1) Cisco document on hardening routers
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
2) A non-Cisco doc from the sans.org website.
Jon
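Added example, not part of any post in this thread: a small Python model of how IOS evaluates the two entries quoted in the question. It shows that `host` means an exact match on the packet's source address (not the router itself) and that the first matching entry wins. The final `permit ip any any` line and the sample packet addresses are constructed for illustration.

```python
import ipaddress

# The two entries quoted in the question, plus a constructed final permit
# (assumption: without one, the implicit "deny ip any any" drops everything).
ACL_101 = """\
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 permit ip any any
"""

def _addr_spec(tokens):
    """Consume one address spec; return (base, wildcard) as ints."""
    word = tokens.pop(0)
    if word == "any":                      # matches every address
        return 0, 0xFFFFFFFF
    if word == "host":                     # exact match on ONE address
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    # otherwise: address followed by wildcard mask (1 bits = don't care)
    return (int(ipaddress.IPv4Address(word)),
            int(ipaddress.IPv4Address(tokens.pop(0))))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into rules."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue                       # only plain 'ip' entries handled here
        action, rest = tokens[2], tokens[4:]
        rules.append((action, _addr_spec(rest), _addr_spec(rest)))
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # bits that must be equal
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, src_spec, dst_spec in rules:
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    # Constructed packets (documentation addresses from RFC 5737).
    for src in ("0.0.0.0", "255.255.255.255", "198.51.100.7"):
        print(src, "->", evaluate(rules, src, "203.0.113.10"))
```
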
03-02-2009 03:03 AM
Hi,
These guides are good too
http://www.nsa.gov/ia/guidance/security_configuration_guides/cisco_router_guides.shtml
Regards
03-02-2009 03:06 AM
Thanks Jon for your response.
03-02-2009 01:56 PM
Hey Jon,
Thanks for the link. Check out this proviso: "Reposting is not permitted without express written permission."
He he he ...
03-02-2009 04:00 AM
Not as good as some of the links the other posters provided, however you might also want to try SDM's (Cisco Router and Security Device Manager) security audit against your router (if your device is supported).
More info: http://www.cisco.com/en/US/products/sw/secursw/ps5318/index.html
03-02-2009 10:03 PM
Hi,
Can someone help on how to harden or secure a switch which is connected to the Internet?
Multiple ISP links are terminated on the switch...